Mirror/parsedown
1
0
Fork 0
mirror of https://github.com/erusev/parsedown.git synced 2024-09-20 03:51:29 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

CommonMark escapes double-quotes

Browse Source
This commit is contained in:
Aidan Woods 2019-01-27 18:02:32 +00:00
parent d6c97ee111
commit 2e0ad27c5e
No known key found for this signature in database
GPG Key ID: 9A6A8EFAA512BBB9
6 changed files with 16 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
psalm.xml
View File

@ -33,6 +33,7 @@
<referencedMethod name="Erusev\Parsedown\Configurables\BlockTypes::removing" /> <referencedMethod name="Erusev\Parsedown\Configurables\BlockTypes::removing" />
<referencedMethod name="Erusev\Parsedown\Configurables\Breaks::enabled" /> <referencedMethod name="Erusev\Parsedown\Configurables\Breaks::enabled" />
<referencedMethod name="Erusev\Parsedown\State::mergingWith" /> <referencedMethod name="Erusev\Parsedown\State::mergingWith" />
<referencedMethod name="Erusev\Parsedown\Html\Sanitisation\Escaper::htmlElementValue" />
</errorLevel> </errorLevel>
</PossiblyUnusedMethod> </PossiblyUnusedMethod>
</issueHandlers> </issueHandlers>

2
src/Html/Renderables/Text.php
View File

@ -29,6 +29,6 @@ final class Text implements Renderable
/** @return string */ /** @return string */
public function getHtml() public function getHtml()
{ {
return Escaper::htmlElementValue($this->text); return Escaper::htmlElementValueEscapingDoubleQuotes($this->text);
} }
} }

9
src/Html/Sanitisation/Escaper.php
View File

@ -22,6 +22,15 @@ final class Escaper
return self::escape($text, true); return self::escape($text, true);
} }
/**
* @param string $text
* @return string
*/
public static function htmlElementValueEscapingDoubleQuotes($text)
{
return \htmlspecialchars($text, \ENT_COMPAT, 'UTF-8');
}
/** /**
* @param string $text * @param string $text
* @param bool $allowQuotes * @param bool $allowQuotes

4
tests/ParsedownTest.php
View File

@ -124,12 +124,12 @@ MARKDOWN_WITH_MARKUP;
<p>&lt;div&gt;<em>content</em>&lt;/div&gt;</p> <p>&lt;div&gt;<em>content</em>&lt;/div&gt;</p>
<p>sparse:</p> <p>sparse:</p>
<p>&lt;div&gt; <p>&lt;div&gt;
&lt;div class="inner"&gt; &lt;div class=&quot;inner&quot;&gt;
<em>content</em> <em>content</em>
&lt;/div&gt; &lt;/div&gt;
&lt;/div&gt;</p> &lt;/div&gt;</p>
<p>paragraph</p> <p>paragraph</p>
<p>&lt;style type="text/css"&gt; <p>&lt;style type=&quot;text/css&quot;&gt;
p { p {
color: red; color: red;
} }

4
tests/data/fenced_code_block.html
View File

@ -6,9 +6,9 @@ echo $message;</code></pre>
<pre><code class="language-php">echo 'language identifier';</code></pre> <pre><code class="language-php">echo 'language identifier';</code></pre>
<pre><code class="language-c#">echo 'language identifier with non words';</code></pre> <pre><code class="language-c#">echo 'language identifier with non words';</code></pre>
<pre><code class="language-html+php">&lt;?php <pre><code class="language-html+php">&lt;?php
echo "Hello World"; echo &quot;Hello World&quot;;
?&gt; ?&gt;
&lt;a href="http://auraphp.com" &gt;Aura Project&lt;/a&gt;</code></pre> &lt;a href=&quot;http://auraphp.com&quot; &gt;Aura Project&lt;/a&gt;</code></pre>
<pre><code>the following isn't quite enough to close <pre><code>the following isn't quite enough to close
``` ```
still a fenced code block</code></pre> still a fenced code block</code></pre>

2
tests/data/tab-indented_code_block.html
View File

@ -3,4 +3,4 @@
$message = 'Hello World!'; $message = 'Hello World!';
echo $message; echo $message;
echo "following a blank line";</code></pre> echo &quot;following a blank line&quot;;</code></pre>